Known Issue: 401 Unauthorized Error relating to SharePoint integration
KB003652
PRODUCTSharePoint tenants created after 25th August 2020 have the DisableCustomAppAuthentication setting enabled by default. If the workaround in this article has not been performed, any interaction with SharePoint Online will cause a 401 Unauthorized error. This article describes an example of this issue in K2 Workflow, but the issue also occurs in Nintex Workflow Cloud.
See the following related article for more information:
Issue:
When creating a K2 workflow that starts with a SharePoint event, such as Item added, a 401 error is logged to the K2 host server, and the remote start event does not work.
Error message:
The following error message is added to the K2 host server log:
"2249748","2020-12-04 09:11:19","Error","General","0","ErrorMessage","SharePoint Broker","0 System.Net.WebException: The remote server returned an error: (401) Unauthorized. at SourceCode.SmartObjects.Services.SharePoint.TransientPlanExecutor.ExecutePlan() at SourceCode.SmartObjects.Services.SharePoint.Operations.SPEvent.EventExecutableObject.ExecuteRegisterEventMethod() at SourceCode.SmartObjects.Services.SharePoint.Operations.SPEvent.EventExecutableObject.CallExecuteMethod() at SourceCode.SmartObjects.Services.SharePoint.Operations.SPEvent.EventExecutableObject.ExecuteObject() at SourceCode.SmartObjects.Services.SharePoint.SharePointService.Execute(). Additional info: The remote server returned an error: (401) Unauthorized.x-ms-diagnostics : 3000014;reason='Token type is not allowed.';category='invalid_request' SPRequestGuid : 1ff3939f-50a4-b000-63d1-c2082baf8801 Broker Method : RegisterEvent
You may also see the following error message:
Cause:
In September 2020 Microsoft turned off SharePoint App-Only tokens by default.
You can verify this is the cause by running the following command using the latest version of SharePoint Online PowerShell. If the result is True, use the workaround to change it.
Get-SPOTenant | Select DisableCustomAppAuthentication
Workaround:
- Follow the steps in Granting access using SharePoint App-Only to enable SharePoint App-Only tokens.
- Connect to your SharePoint tenant as an administrator and use the latest version of SharePoint Online PowerShell to run:
set-spotenant -DisableCustomAppAuthentication $false
- This setting takes about five minutes to update within your SharePoint tenant. Once it applies, you can create K2 workflows that start on SharePoint events.